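I have run into a Spring Security configuration problem.
When I log in as user1 on one computer and then log in as user2 on another computer, the first computer, after a refresh, sees everything as user2.
In other words, it is not possible to have sessions for two different users at the same time.
Configuration: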
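    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.web.csrf.CsrfFilter;
    import org.springframework.web.filter.CharacterEncodingFilter;

    @Configuration
    @EnableWebSecurity
    public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

        // Two in-memory users, each registered through its own inMemoryAuthentication() call
        @Autowired
        public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception {
            auth.inMemoryAuthentication().withUser("user1").password("user1").roles("USER");
            auth.inMemoryAuthentication().withUser("user2").password("user2").roles("USER");
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // Force UTF-8 request encoding ahead of the CSRF filter
            CharacterEncodingFilter filter = new CharacterEncodingFilter();
            filter.setEncoding("UTF-8");
            filter.setForceEncoding(true);
            http.addFilterBefore(filter, CsrfFilter.class);
            http.csrf().disable();
            // "/" and "/login" are public; "/questions/**" requires the USER role
            http.authorizeRequests()
                .antMatchers("/", "/login").permitAll()
                .antMatchers("/questions/**").access("hasRole('USER')")
                .and().formLogin().loginPage("/login").defaultSuccessUrl("/questions")
                .usernameParameter("ssoId").passwordParameter("password");
        }
    }
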
Spring Security version: 4.0.1.RELEASE
Spring version: 4.1.6.RELEASE
Login request in the controller:
    @RequestMapping(value = { "/", "/login" }, method = RequestMethod.GET)
    public String homePage() {
        return "login";
    }

Answer 0 (score: 0)

    @Autowired
    public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().withUser("user1").password("user1").roles("USER");
        auth.inMemoryAuthentication().withUser("user2").password("user2").roles("USER");
    }

With this, you are saying that it is user2 in the session.

    @Autowired
    public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().withUser(getUser()).password(getPassword()).roles("USER");
    }

Answer 1 (score: 0)
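
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    @Configuration
    public class SecurityConfig extends WebSecurityConfigurerAdapter {

        // Both users are registered on a single inMemoryAuthentication() builder, chained with and()
        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.inMemoryAuthentication()
                .withUser("sergey")
                .password("{noop}12345678")
                .roles("USER")
                .and()
                .withUser("John")
                .password("{noop}87654321")
                .roles("MANAGER");
        }
    }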